Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
1. bad use of sizeof
=> DriverManager/__info.c:3978
It looks like there should be used sizeof(*error_header) instead of
sizeof(error_header).
| void setup_error_head( EHEAD *error_header, void *handle, int type )
| {
|- memset( error_header, 0, sizeof( error_header ));
|+ memset( error_header, 0, sizeof( *error_header ));
|
| error_header -> owning_handle = handle;
| error_header -> handle_type = type;
2. Bad negation of comparison.
=> DriverManager/SQLGetCursorName.c:188
=> DriverManager/SQLGetCursorNameW.c:171
Result of '!buffer_length' is always 0 or 1. Never can be less than 0.
| @@ -185,7 +185,7 @@ SQLRETURN SQLGetCursorName( SQLHSTMT statement_h..,
|
| thread_protect( SQL_HANDLE_STMT, statement );
|
| - if ( !buffer_length < 0 )
| + if ( !(buffer_length < 0) )
| {
| dm_log_write( __FILE__,
| __LINE__,
3. Defect in Working with list
=> DriverManager/SQLConnect.c:2393
The variable 'env_lib_list' really looks like it may be equal to NULL,
even if 'env_lib_prev' is non-NULL.
Here is the case: (after that the while's breake will be achieved)
| @@ -2303,6 +2303,9 @@ static void release_env( DMHDBC connection )
| }
| env_lib_prev = env_lib_list;
| env_lib_list = env_lib_list -> next;
| + // this is it: ^^^^
| + // env_lib_list goes to NULL but env_lib_prev stays
| + // non-NULL
| }
| }
4. Null dereference when error handling..
=> Drivers/template/SQLAllocStmt.c:24
dereference of NULL pointer hDbc (hDbc->hLog).
5. Null dereference.
=> Drivers/template/SQLDescribeCol.c:49
dereference of the variable 'szColname' as strcpy target.
6. Null dereference
=> cur/SQLAllocStmt.c:74
| if (!cl_statement) {
| cl_statement -> cl_connection -> ...
| }
7. Missing break statement_handle
=> exe/isql.c:103
when '-3' parameter is passed it really looks that verbose mode is turned
on because of falling through this..
8. Static overrun
=> Drivers/Postgre7.1/info.c1010
| @@ -1007,7 +1007,7 @@ mylog("%s: entering...stmt=%u\n", func, stmt);
| strcpy(prefixes, globals.extra_systable_prefixes);
| i = 0;
| prefix[i] = strtok(prefixes, ";");
| - while (prefix[i] && i<32) {
| + while (prefix[i] && i<31) {
| prefix[++i] = strtok(NULL, ";");
| }
9. Static overrun
=> Drivers/nn/convert.c:248/434
Bad walk through sqltype_idx_tab. It has only 7 items.
10. Sizeof mismatch
=> DriverManager/SQLGetStmtAttrW.c:322|329|336
Memcpy on line 322 will copy only first 8 bytes from statement->apd into
value pointer destination.
| memcpy( value, &statement -> apd, sizeof( SQLHANDLE ));
11. Stray semicolon
=> cur/SQLBindCol.c:89
12. Missing return statement
=> unixODBC-2.2.14/exe/isql.c:552
13. Array 'salt' is not initialized and is used
=> Drivers/PostgreSQL/results.c:743
| crypt( ci -> password, salt );
^^^^
Comment 8RHEL Program Management
2012-06-12 01:19:06 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
RHEL-5 has now entered production phase 2, in which only security and other critical bugs will be addressed. It doesn't look like any of these count as critical bugs. (Note that the worst ones are in the built-in drivers, which we consider deprecated anyway --- people should use mysql-connector-odbc64 or postgresql-odbc64.) Moving to RHEL-7 (and reassigning to unixODBC) where we can fix the remaining issues promptly.
1. bad use of sizeof => DriverManager/__info.c:3978 It looks like there should be used sizeof(*error_header) instead of sizeof(error_header). | void setup_error_head( EHEAD *error_header, void *handle, int type ) | { |- memset( error_header, 0, sizeof( error_header )); |+ memset( error_header, 0, sizeof( *error_header )); | | error_header -> owning_handle = handle; | error_header -> handle_type = type; 2. Bad negation of comparison. => DriverManager/SQLGetCursorName.c:188 => DriverManager/SQLGetCursorNameW.c:171 Result of '!buffer_length' is always 0 or 1. Never can be less than 0. | @@ -185,7 +185,7 @@ SQLRETURN SQLGetCursorName( SQLHSTMT statement_h.., | | thread_protect( SQL_HANDLE_STMT, statement ); | | - if ( !buffer_length < 0 ) | + if ( !(buffer_length < 0) ) | { | dm_log_write( __FILE__, | __LINE__, 3. Defect in Working with list => DriverManager/SQLConnect.c:2393 The variable 'env_lib_list' really looks like it may be equal to NULL, even if 'env_lib_prev' is non-NULL. Here is the case: (after that the while's breake will be achieved) | @@ -2303,6 +2303,9 @@ static void release_env( DMHDBC connection ) | } | env_lib_prev = env_lib_list; | env_lib_list = env_lib_list -> next; | + // this is it: ^^^^ | + // env_lib_list goes to NULL but env_lib_prev stays | + // non-NULL | } | } 4. Null dereference when error handling.. => Drivers/template/SQLAllocStmt.c:24 dereference of NULL pointer hDbc (hDbc->hLog). 5. Null dereference. => Drivers/template/SQLDescribeCol.c:49 dereference of the variable 'szColname' as strcpy target. 6. Null dereference => cur/SQLAllocStmt.c:74 | if (!cl_statement) { | cl_statement -> cl_connection -> ... | } 7. Missing break statement_handle => exe/isql.c:103 when '-3' parameter is passed it really looks that verbose mode is turned on because of falling through this.. 8. Static overrun => Drivers/Postgre7.1/info.c1010 | @@ -1007,7 +1007,7 @@ mylog("%s: entering...stmt=%u\n", func, stmt); | strcpy(prefixes, globals.extra_systable_prefixes); | i = 0; | prefix[i] = strtok(prefixes, ";"); | - while (prefix[i] && i<32) { | + while (prefix[i] && i<31) { | prefix[++i] = strtok(NULL, ";"); | } 9. Static overrun => Drivers/nn/convert.c:248/434 Bad walk through sqltype_idx_tab. It has only 7 items. 10. Sizeof mismatch => DriverManager/SQLGetStmtAttrW.c:322|329|336 Memcpy on line 322 will copy only first 8 bytes from statement->apd into value pointer destination. | memcpy( value, &statement -> apd, sizeof( SQLHANDLE )); 11. Stray semicolon => cur/SQLBindCol.c:89 12. Missing return statement => unixODBC-2.2.14/exe/isql.c:552 13. Array 'salt' is not initialized and is used => Drivers/PostgreSQL/results.c:743 | crypt( ci -> password, salt ); ^^^^